CVE-2012-2692
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
Date published: 2012-06-16
http://www.securityfocus.com/bid/53921
http://www.mantisbt.org/bugs/changelog_page.php?version_id=148